12
5
On Linux, how can I change EUID of running process from command line (provided I have root access)?
jackhab
Posted 2009-10-18T08:26:44.023
Reputation: 2 176
Change EUID of running process
Answers
17
If the process is running with root-privileges, you could attach gdb to the process and call seteuid from within that process.
Example:
[root@user-desktop ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t
[root@user-desktop ~]# gdb /bin/bash $$
GNU gdb Fedora (6.8-27.el5)
# cut copyright & license statements
This GDB was configured as "x86_64-redhat-linux-gnu"...
# cut some initialization output
0x00000036b0a99335 in waitpid () from /lib64/libc.so.6
(gdb) call seteuid(500)
$1 = 0
(gdb) quit
The program is running. Quit anyway (and detach it)? (y or n) y
Detaching from program: /bin/bash, process 29017
[root@user-desktop ~]# id
uid=0(root) gid=0(root) euid=500(user) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t
Kjetil Jørgensen
Posted 2009-10-18T08:26:44.023
Reputation: 306
2
If you are talking about a process changing its own EUID, there are a bunch of ways to do that.
- setuid() - as a side-effect sets EUID when used by a process with EUID of 0
- seteuid()
- setreuid()
Depending on the effective UID of the program, and whether there is a saved UID, you may be able to switch between two EUID values in a non-root program. With a root privileged program, you have to be careful - you have to decide whether the change should be irreversible, and use the correct function for the job. (Using setuid() as root is irreversible.)
If you are trying to change a process that's already running from a separate process, then there is no standard way to do it - and I'm not sure there are many non-standard ways, either. You might be able to dink some information in /dev/kmem, but the expression 'thin ice' springs to mind.
Jonathan Leffler
Posted 2009-10-18T08:26:44.023
Reputation: 4 526
2
There's no way to do this "from the commandline" to just any running process.
I can say that with some sureness; the only "maybe" was /proc and I poked around in there (literally and via google) and ran into a dead-end regarding anything in /proc allowing for changing the EUID. You can LEARN what the UID and GID settings are in /proc/{pid}/status - but you can't change them using anything in /proc, at least as far as I can tell.
But it's easy enough to make something like that work -- a way to change the EUID of a process, from the commandline -- if you control the source code of the process you want to change. You can implement a signal handler for say SIGUSR1 and have the process change its own EUID however you need when it receives that signal. Then you would simply send the process that SIGUSR1 signal, via "kill" ...from the commandline, as you've asked... and it would change its EUID for you.
This might not be what you were thinking of, but... it's an answer to your question of how to do it... and it's the only answer I can think of.
pbr
Posted 2009-10-18T08:26:44.023
Reputation: 1 285
3+1 for creative approach to accomplishing the task... – quack quixote – 2009-11-11T12:40:53.197
Wow... yes, that's creative. Indeed I hadn't thought of attaching to the process with a debugger. With a bit of "expect" hackery, one could implement "cheuid <processID> <EUID>" that would work for SOME situations.
Specifically I believe that both the executer of gdb AND the process being affected would have to be root ...so this is of limited utility. AFAIK just running gdb as root, connecting to a non-root process, the seteuid would fail, since it will run with the privs of the executing process, not the privs of the debugger. – pbr – 2009-11-12T18:57:51.857